The Black Vine cyberespionage group

Black Vine is a cyberespionage group that has been actively conducting its campaigns since 2012. It has been targeting several industries, including aerospace, energy, and healthcare.
The group has access to zero-day exploits distributed through the Elderwood framework, conducts watering-hole attacks against sites that are relevant to its targets, and drops custom back door malware.
Symantec analyzed Black Vine's attack tools and campaigns to track its activity over the past few years.